What Perception Point didn't say was that after finding the hole, their discovery, CVE-2016-0728, had been sent upstream to be fixed by the Linux kernel developers. The only reason this was a "zero-day" was because Perception Point itself released an exploit once the patch was already well on its way.

Why would they do that? One ticked-off Linux security developer said, "it's all about selling their companies nobody has ever heard of for as much as possible. This way they get headlines and we get security headaches."

This, according to another programmer working on mediating the problem, is far from unique. "Security companies are always making a big deal of little problems for their own benefit."

In this case, the security hole is in Linux's keyrings facility. Keyrings are used to cache security data, authentication keys, and encryption keys. The attack abuses this functionality by duplicating a keyring object name from userspace. By itself, that's not too bad.

The trouble comes when the field that stores the object's reference count overflows. There are no checks to keep this integer from wrapping around to zero. Once it does, an attacker can overwrite the object's memory, and you're on your way to a privilege escalation exploit. In short, yes, an ordinary user can gain superuser privileges.
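The reference-count wraparound described above, as an added illustration that is not part of the original article and not the kernel's own code: a plain 32-bit counter that silently wraps to zero beside one that pins at a constructed saturation value and refuses to ever "reach zero" again.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example of the bug class: a reference count that is
 * incremented with no check versus one that cannot wrap. */

/* Unchecked: every extra reference is just refs++.  After UINT32_MAX
 * takes the count wraps to zero, so the next release frees an object
 * that is still in use. */
static uint32_t unchecked_take(uint32_t refs, uint32_t n)
{
    while (n--)
        refs++;                 /* silently wraps: 0xFFFFFFFF + 1 == 0 */
    return refs;
}

/* Checked: the count pins at a high-water mark well below the wrap
 * point.  A pinned object is deliberately leaked rather than freed. */
#define REF_SATURATED 0xC0000000u   /* constructed saturation value */

static bool checked_take(uint32_t *refs)
{
    if (*refs >= REF_SATURATED) {  /* pin and report; caller should log */
        *refs = REF_SATURATED;
        return false;
    }
    (*refs)++;
    return true;
}

/* Returns true only when the caller may free the object.  A count that
 * is already zero or pinned never triggers a free. */
static bool checked_release(uint32_t *refs)
{
    if (*refs == 0 || *refs >= REF_SATURATED)
        return false;
    return --*refs == 0;
}

int main(void)
{
    uint32_t r = REF_SATURATED - 1;
    printf("unchecked: 0x%08x + 1 -> 0x%08x\n",
           UINT32_MAX, unchecked_take(UINT32_MAX, 1));
    bool ok1 = checked_take(&r);     /* reaches the pin, still ok */
    bool ok2 = checked_take(&r);     /* refused: would overflow */
    bool freed = checked_release(&r);
    printf("checked: ok=%d ok=%d refs=0x%08x freed=%d\n", ok1, ok2, r, freed);
    return 0;
}
```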

That's bad, but it's not half as bad as it sounds. First, you need a user account to even start. At a minimum, an attacker would need to have a login and shell account on the target system. Joe Hacker simply trying to break into your system from outside can't do it.

In addition, for once, this problem doesn't impact older systems. Only Linux distributions using Linux kernel 3.10 or higher can be attacked. Linux 3.10 was released in August 2013.

Specifically, the following distributions are theoretically vulnerable:

Even on these systems, the published exploit doesn't work. I've tried it myself on a Fedora 23 system with 8GB of RAM. It eventually locked up the PC when it ran out of free memory. Others report that the attack failed because of memory exhaustion.

While this could be used to attack Android devices running Android 4.4 or newer, it's a meaningless attack. First, you'd need to have the device in hand. Next, you'd need more memory than I've ever seen on an Android gadget. Last but far from least, even Perception Point admits that "the full exploit takes about 30 minutes to run on Intel Core i7-5500 CPU." It would take over a day to run on an Android device. In short, there are a lot easier ways to root an Android smartphone or tablet.